Skip to content

Mar 7 , 2014

0
Subscribe:

Error message

  • Warning: count(): Parameter must be an array or an object that implements Countable in theme_table() (line 1891 of /home4/opbmedia/public_html/penntipp.org/includes/theme.inc).
  • Warning: count(): Parameter must be an array or an object that implements Countable in theme_table() (line 1954 of /home4/opbmedia/public_html/penntipp.org/includes/theme.inc).
  • Deprecated function: implode(): Passing glue string after array is deprecated. Swap the parameters in drupal_get_feeds() (line 394 of /home4/opbmedia/public_html/penntipp.org/includes/common.inc).
  • Deprecated function: The each() function is deprecated. This message will be suppressed on further calls in menu_set_active_trail() (line 2386 of /home4/opbmedia/public_html/penntipp.org/includes/menu.inc).

Target testifies before Senate on latest security breach

by Chris Martyn

On February 4th, the Senate Judiciary Committee held a hearing entitled “Privacy in the Digital Age: Preventing Data Breaches and Combating Cybercrime.” The inquiry was summoned in the wake of the widely publicized consumer data breach that occurred at Target this past December, through which an estimated 40 million credit card records and 70 million personal data records were accessed by hackers utilizing malware on the company’s point-of-sale system. The hearing’s principle witness was John J. Mulligan, Executive VP and CFO of Target. He was joined by Michael Kingston, Senior VP and CIO of Neiman Marcus. Neiman Marcus had experienced similar breaches around the same time, although they were smaller in scale and less well-publicized.

Following the usual mea culpas to the Committee, a surprisingly pleasant and cooperatively toned exchange occurred between the witnesses and the senators. The witness were only grilled on the issue of when their respective companies first learned of the breaches. In both cases, the Justice Department detected the breach first, then notified the companies. Neither Target nor Neiman Marcus initially detected the data breaches through internal processes.

Despite the hearing’s title, no specific regulatory visions aimed at improving security or reducing the likelihood of future breaches were discussed. Rather, the Senate Judiciary Committee’s only stated goal was to settle on a consumer data breach notification standard. Mulligan suggested an accelerated transition to chip-and-pin credit card technology. Chip-and-pin cards, which are favored in Europe and Japan, are considered inherently more secure than traditional magnetic strip cards, which still dominate the U.S. market. While this spurred a general discussion on how to move the nation away from magnetic strip technology, few other concrete security ideas were advanced in the hearing.

Committee chair Patrick Leahy (D-VT) placed the aggregate loss of privacy data at more than 662 million records since 1995, with over 600 publicly disclosed discrete breach events in 2013 alone. He highlighted the potential impact of data breaches on consumer confidence as a whole, which in turn threaten to create negative repercussions throughout the retail marketplace. Nevertheless, Senator Leahy struck a conciliatory tone towards the companies represented, noting that “the businesses that suffer cyberattacks are also often the victims of a cybercrime.”

Ranking committee member Senator Chuck Grassley (R-IA) also maintained a friendly tone throughout the hearing. He acknowledged that a “one size fits all” legislation standard would likely be ineffective, and also expressed his wish that the government act as a “partner with private business” to improve cyber security as a whole.


Source: Wall Street Cheatsheet